Announcements

Google has released an updated Chrome version 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause memory corruption, read out-of-bounds memory, corrupt objects, cause integer overflows, or bypass security and policy restrictions across multiple browser components by persuading the victim to visit a maliciously […]

Investigation confirmed successful web shell execution following the exploitation of Ivanti zero-day vulnerabilities (CVE-2026-1340 and CVE-2026-1281) on multiple organizations’ internet-facing Ivanti Endpoint Manager Mobile (EPMM) servers. Reference to Alert No. 18, “Ivanti Security Update – 01 February 2026”, EGFinCIRT requests a comprehensive Compromise Assessment for Ivanti Endpoint Manager Mobile (EPMM) servers. Attackers might take advantage

Grafana has released security updates to fix several vulnerabilities across multiple Grafana products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass authorization controls, disclose sensitive datasource configurations, perform cross-site scripting (XSS) attacks via Grafana Explore, or cause denial-ofservice attacks on the affected systems. Sample of the addressed vulnerabilities: 1. RCE

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform spoofing attacks, bypass security restrictions, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Microsoft Azure Cloud Shell Elevation

Oracle has released a security update to fix a critical vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0. The addressed vulnerability could allow the remote attacker to execute arbitrary code without authentication and gain access to the affected systems. Oracle Identity Manager and Oracle Web Services Manager Unauthenticated Remote

Citrix has released a security update to address vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway. The addressed vulnerabilities could allow the attacker to obtain sensitive memory contents, including authentication tokens, cryptographic keys, or user credentials, or gain unauthorized access to the affected systems, leading to a user session mixup where one user’s session

GNU InetUtils has addressed a critical vulnerability affecting all versions of the Telnet service implementation through 2.7. The addressed vulnerability could allow the remote attackers to perform out-ofbounds writes on systems running vulnerable versions of GNU inetutils telnetd, potentially leading to arbitrary code execution, full system compromise, or denial of service. GNU Inetutils Remote Pre-Auth

Veeam has released security updates to fix several vulnerabilities across Veeam Backup & Replication version 13.0.1.1071 and all earlier version 13 builds and version 12.3.2.4165 and all earlier version 12 builds. The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate repository files, extract stored credentials, escalate privileges, or execute arbitrary code, and

Google has released an updated Chrome version 146.0.7680.80 for Windows and Mac, and version 146.0.7680.80 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause memory corruption, or bypass security restrictions by persuading the victim to install a malicious extension or visit a malicious website. Sample of the addressed vulnerabilities:

HPE Aruba has released security updates to fix several vulnerabilities across multiple HPE Aruba products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial-of-service and cross-site scripting attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1.

Zoom has released a security update to fix several vulnerabilities across multiple Zoom products. The addressed vulnerabilities could allow the attacker to gain elevated privileges on the affected system. Sample of the addressed vulnerabilities: Zoom Workplace for Windows – External Control of File Name or Path (CVE-2026- 30903): CVSS: 9.6 Attack Vector: Network Attack Complexity:

SAP has released security updates to address several vulnerabilities affecting multiple SAP products.  SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver Enterprise Portal Administration, SAP NetWeaver Application Server for ABAP, SAP NetWeaver (Feedback Notification), SAP Supply Chain Management, SAP Business One (Job Service), SAP Business Warehouse

Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass authentication, gain elevated privileges, execute arbitrary code or commands, perform SQL injection, cross-site scripting (XSS) attacks, denial-of-service attacks, and obtain sensitive information from the affected systems. Sample of addressed vulnerabilities: 1. Cisco Secure

Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Apex One version 2019 (On-prem), Apex One as a Service (SaaS), and Trend Vision One Endpoint – Standard Endpoint Protection (SaaS). The addressed vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, and gain access to the affected systems.

Juniper has released a security update to fix a critical vulnerability affecting Juniper Networks Junos OS Evolved on PTX Series. The addressed vulnerability could allow the unauthenticated, network-based attacker to access and manipulate the On-Box Anomaly Detection framework service to execute code as root and gain full access to the affected system. Juniper Junos OS

Mozilla has released an updated Firefox version 148, Firefox ESR versions 115.33, and 140.8 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Sandbox Escape in the Storage:

Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, manipulate data, conduct cross-site scripting attacks, gain elevated privileges, execute arbitrary commands, and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco Catalyst SD-WAN Controller

SolarWinds has released security updates to address several vulnerabilities affecting SolarWinds Serv-U 15.5. The addressed vulnerabilities could allow the attacker to perform an Insecure Direct Object Reference (IDOR) attack, conduct a broken access control attack, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: SolarWinds Serv-U Type Confusion

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed six actively exploited and three publicly disclosed zero-day vulnerabilities. Microsoft has fixed (59) vulnerabilities that could allow the attacker to gain elevated privileges, perform denial-of-service attacks, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass authentication mechanisms, conduct SQL injection and cross-site scripting attacks, perform request smuggling attacks, execute unauthorized code or commands, gain elevated privileges, obtain sensitive information, bypass firewall and access control policies, or gain unauthorized